Detection of ransomware in static analysis by using Gradient Tree Boosting Algorithm

Abstract

Ransomware is the type of malware that encrypts the user data which cannot be accessed then the ransom demands to pay for decrypting key. Many organizations lose their data and money; lose their reputation as small organizations. So, detect the ransomware which affected the system before execution. Later, detection of ransomware was done by the decision tree algorithm method. In this work, we use a static detection of ransomware which extracts the features to classify whether it is ransomware, malware or benign before execution on the system by using gradient tree boosting algorithm. In the previous method, the detection of ransomware by using a decision tree method which achieved 98.98% with a detection rate of 0.2%, which ends with False Positive Rate (FPR) and the result is efficient for small dataset. Our proposed method the detection of the ransomware achieves 99.997% with a detection rate of 0.1% false positive rate again it results with less than 0.01% false positive rates with 98.3% of detection rate based on the 700,000 training and 400,000 testing samples from the dataset. Our method achieves more accuracy than the later algorithm while increasing the dataset for detecting the ransomware and also to identify the type of malware.